Merge pull request #5 from planetscale/gha/date-version-tag #34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Gosec | |
| on: [push, pull_request] | |
| jobs: | |
| gosec: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Source | |
| uses: actions/checkout@v4 | |
| - name: Download Gosec | |
| run: curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sudo sh -s -- -b /usr/bin v2.18.2 | |
| - name: Run Gosec Security Scanner | |
| #G107: Url provided to HTTP request as taint input | |
| #G109: Potential Integer overflow made by strconv.Atoi result conversion to int16/32 | |
| #G304: prevent loading configuration files from variable locations (we want to do this in local development) | |
| #G601: Implicit memory aliasing in for loop. (disabled due to false positives for safe code) | |
| run: gosec -exclude=G107,G109,G304,G601 ./... |